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Amendments to the Claims: 

This listing of the claims will replace all prior versions, and listings, of the claims 
in the application. 

Listing of Claims: 

Please amend the claims as follows without prejudice. No new matter has been 
added by way of these amendments. 

We claim: 

Claim 1 (Previously presented) A method for controlling access to a computer system 
device, being accessed through a special device file, with externally stored resources 
comprising the steps of: 

retrieving file attributes for a device file resource used in the system device access 
attempt; 

determining whether the resource that is making the access attempt is a special 
device file; 

searching a mapping database for special device files that represent the system 
device that is the object of the access attempt and generating a special device file entry 
list of all protected device files that represent said system device; and 

generating an authorization decision for the access attempt to the system device 
based on the security policy that governs each device file in the special device file entry 
list. 

Claim 2 (Original) The method as described in claim 1 further comprising before said 
searching step the step of terminating said access control method when the accessing 
resource is not a special device file. 

Claim 3 (Previously presented) The method as described in claim 1 further comprising 
after said searching step the step of terminating said access control method when said 
searching step did not find any database entries that had device specifications that match 
device specifications of the special device file making the access attempt. 
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Claim 4 (Previously presented) The method as described in claim 1 wherein said 
searching step comprises the steps of: retrieving an entry from the mapping database; 
comparing device specifications of the special device file making the access attempt to 
device specifications of the database entry; and comparing the file name of the special 
device file making the access attempt to the protected object name of the database entry. 

Claim 5 (Original) The method as described in claim 4 further comprising after said file 
name comparison step the steps of: generating a device file entry list containing the 
database entry with the same file specification and file name as the device file making the 
access attempt; and terminating said searching step. 

Claim 6 (Previously presented) The method as described in claim 4 further comprising 
after said file name comparison step the steps of placing in a file entry list, a mapping 
database entry having the same file specification as, but different file name from the 
special device file making the access attempt. 

Claim 7 (Previously presented) The method as described in claim 6 further comprising 
the steps of: 

determining whether there are more entries in the database; 

retrieving a next mapping database entry for comparison with said special device 
file making the access attempt, when more entries are found in the mapping database; and 
returning to said special device file comparison step. 
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Claim 8 (Previously presented) The method as described in claim 2 wherein said 
authorization decision step comprises the steps of: 

retrieving the current entry in the special device file entry list; 

calling the access decision component to obtain an access decision for the access 
attempt to the system device based on the security policy that governs the current entry in 
the device file entry list; 

determining whether decision component granted access; 

determining whether more entries are in said special device file entry list, if 
decision component granted access; and 

updating current entry in said special device file entry list and returning to said 
current entry retrieving step. 

Claim 9 (Previously presented) The method as described in claim 8 further comprising 
after said decision determination step the step of denying the access attempt to the system 
device if the decision component of a special device file entry denies access. 

Claim 10 (Previously presented) The method as described in claim 8 further comprising 
the step of allowing the access attempt to the system device if no more entries are in the 
special device file entry list. 

Claim 1 1 (Original) A method for controlling access to a computing system device being 
accessed through a device file, said access control being through an externally stored 
resource and comprising the steps of: 

monitoring the computing system for activities related to creating and accessing 
special device files that represent system devices; 

restricting the creation of special device files based on rules defined in the 
externally stored resource; and 

restricting special device file accesses based on rules defined in the externally 
stored resource. 
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Claim 12 (Currently Amended) A computer program product in a computer readable 
storage m edium for controlling access to a computer system device, being accessed 
through a special device file, with externally stored resources comprising the steps of: 

instructions for retrieving file attributes for a device file resource used in the 
system device access attempt; 

instructions for determining whether the resource that is making the access 
attempt is a special device file; 

instructions for searching a mapping database for special device files that 
represent the system device that is the object of the access attempt and generating a 
device file entry list of all protected device files that represent said system device; and 

instructions for generating an authorization decision for the access attempt to the 
system device based on the security policy that governs each device file in the special 
device file entry list. 

Claim 13 (Previously presented) The computer program product as described in claim 12 
wherein said instructions for searching a mapping database comprise: 

instructions for retrieving an entry from the mapping database; 

instructions for comparing the device specification of the special device file 
making the access attempt to the device specification of the database entry; and 

instructions for comparing the file name of the special device file making the 
access attempt to the protected object name of the database entry. 

Claim 14 (Previously presented) The computer program product as described in claim 13 
further comprising after said file name comparison instructions: instructions for 
generating a special device file entry list containing the database entry with the same file 
specification and file name as the special device file making the access attempt; and 
instructions for terminating said searching instructions. 
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Claim 15 (Previously presented) The computer program product as described in claim 13 
further comprising after said file name comparison instructions the instructions for 
placing in a file entry list, a mapping database entry having the same file specification as, 
but different file name from the special device file making the access attempt. 

Claim 16 (Previously presented) The computer program product described in claim 15 
further comprising: 

instructions for determining whether there are more entries in the database; 

instructions for retrieving the next mapping database entry for comparison with 
said special device file making the access attempt, when more entries are found in the 
mapping database; and 

instructions for returning to said special device file comparison step. 

Claim 17 (Presently presented) The computer program product as described in claim 12 
wherein said authorization instructions comprise: 

instructions for retrieving the current entry in the special device file entry list; 

instructions for calling the access decision component to obtain an access decision 
for the access attempt to the system device based on the security policy that governs the 
current entry in the device file entry list; 

instructions for determining whether decision component granted access; 

instructions for determining whether more entries are in said special device file 
entry list, if decision component granted access; and 

instructions for updating current entry in said special device file entry list and 
returning to said current entry retrieving step. 

Claim 18 (Original) The computer program product as described in claim 17 further 
comprising after said decision determination instructions the instructions for denying the 
access attempt to the system device if the decision component denies access. 
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Claim 19 (Previously presented) The computer program product as described in claim 17 
further comprising instructions for allowing the access attempt to the system device if no 
more entries are in the special device file entry list. 



Claim 20 (Canceled) 



Claim 21 (Canceled) 



